CVE-2021-43793

discourse/discourse

on github

Published

December 1, 2021

Severity

CVSS v3:

4.3 MEDIUM

CVSS v2:

4 MEDIUM

Description

Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse

References

https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx
https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab
https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:discourse:discourse:2.8.0:beta1::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta2::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta3::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta4::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta5::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta6::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta7::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse::::::::	n/a	2.7.11	*

External Links

NVD - CVE-2021-43793